Issue - meetings

Progress Report on Internal Audit Activity

Meeting: 17/03/2022 - Governance and Audit Committee (Item 38)

38 Progress Report on Internal Audit Activity pdf icon PDF 82 KB

To examine the progress made between 5 January 2022 to 8 March 2022 in relation to the completion of the Internal Audit Plan for 2021/22 (report of the Head of Internal Audit enclosed).

Additional documents:

Minutes:

Consideration was given to the report of the Head of Internal Audit which examined progress made between 5 January 2022 to 8 March 2022 in relation to the completion of the Internal Audit Plan for 2021/22.

 

The Head of Internal Audit introduced the report and highlighted the following points within the Progress Report and its appendices:

 

·         Section 2.1 highlighted that three audits (Legal Services; Budget Sustainability Savings; and Digital Strategy) had been postponed at the request of management, the reasons predominantly being as a result of the impact of partnership working

·         Section 3.1 highlighted that 63% of the Plan had been completed.  A few audits had been rescheduled, but good progress was being made and all was on track to provide an opinion at the July meeting.

·         Section 4.4 confirmed that three reports had been finalised and issued – Cyber Security (Reasonable Assurance); Licensing (Substantial Assurance) and Payroll (Audit Lincolnshire) (Reasonable Assurance). 

·         Section 4.6 advised that work on Corporate Fuel Cards had been concluded.  The policy and process had been considered and no significant concerns had been raised.  However, it had been requested that business intelligence be undertaken over the use of fuel and bearer cards.

·         Appendix 1 provided a visual representation of progress in the completion of the agreed audit work

·         Appendix 2 provided an executive summary and details on finalised reports.

·         The maturity assessment of Cyber Security was in a different format to what the Committee usually received.  This was a very bespoke piece of work undertaken by TIAA and a lot of insight into the review was provided.  The outside line (blue) of the spider diagram at item 10 within the Summary at Appendix 2 indicated the aspirations of the Authority and PSPS around cyber security.  Evidence of the current situation was shown by the green line. Further information regarding the current position against aspiration was provided in the accompanying table.

 

The following points were raised:

 

·         Members raised concerns that requests for deferment due to the impact of partnership working (at section 2.1) should not become a default reason for delays.

  • The Head of Internal Audit confirmed that deferments were to be avoided wherever possible and that where requested, a viable reason was needed.

 

·         The Chairman commented that the spider diagram referred to was useful.

 

·         With regard to cyber security, it would be interesting to know how PSPS’s  level of cyber control compared to other contractors.  In addition, why was the supply chain element not tighter than it was?

  • The Head of Internal Audit responded that she could not comment on the control framework for other, larger organisations, but the supplier element was a new feature to the maturity assessment so it was not unusual to see a lower assessment at this stage.  It was an area that continued to move, and which required quick adaptability and that Reasonable was a good result.  

 

·         At Appendix 2 under Issues to be Addressed (previous audit recommendations), it was stated that ‘the audit reviewed the previous internal audit recommendations, of  ...  view the full minutes text for item 38